From owner-freebsd-questions  Thu Nov  8 19: 6:12 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from pr0n.kutulu.org (pr0n.kutulu.org [151.196.107.157])
	by hub.freebsd.org (Postfix) with ESMTP id 2821537B419
	for <freebsd-questions@FreeBSD.ORG>; Thu,  8 Nov 2001 19:06:10 -0800 (PST)
Received: from cc191573g (kutulu@cc191573-g.longhill1.md.home.com [24.37.104.136])
	by pr0n.kutulu.org (8.11.6/8.11.6) with SMTP id fA9360k12944;
	Thu, 8 Nov 2001 22:06:00 -0500 (EST)
	(envelope-from kutulu@kutulu.org)
Message-ID: <027f01c168ca$c4347820$88682518@longhill1.md.home.com>
From: "Kutulu" <kutulu@kutulu.org>
To: "Anthony Atkielski" <anthony@atkielski.com>,
	<freebsd-questions@FreeBSD.ORG>
References: <15330.6606.417524.41024@guru.mired.org><002b01c1635f$5a5f4300$0a00000a@atkielski.com> <15330.14419.809266.281360@guru.mired.org> <007e01c1636e$97016d10$0a00000a@atkielski.com> <20011108021537.E79276@hades.hell.gr> <002801c1682c$818807b0$0a00000a@atkielski.com> <20011108102356.B10218@pr0n.kutulu.org> <00a101c16891$ee108050$0a00000a@atkielski.com>
Subject: Re: Re[2]: Tiny starter configuration for FreeBSD
Date: Thu, 8 Nov 2001 22:01:00 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


----- Original Message -----
From: "Anthony Atkielski" <anthony@atkielski.com>
To: "Kutulu" <kutulu@kutulu.org>; <freebsd-questions@FreeBSD.ORG>
Sent: Thursday, November 08, 2001 3:14 PM
Subject: Re: Re[2]: Tiny starter configuration for FreeBSD


> Can telnet be secured for guest accounts by specifying a shell that really
isn't
> a shell, e.g., a custom-written program that provides no shell-like
command
> access?

Sure, that would work.  Your guest account is then as secure as the
replacement shell program.  You'd have to take care to avoid both direct
exploits to that program that may permit raised access levels, and exploits
that allow the user to escape the pseudo-shell into a real one.  Something
like this concept is what drives many a small bulletin
board/MUD/freenet/etc: the guest account gets a 'shell' that's just a menu
of commands they're allowed to run, etc.

--K


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message